Automating DevOps with GitLab CI/CD Pipelines Build efficient CI/CD pipelines to verify, secure, and deploy your code using real-life examples Christopher Cowell Nicholas Lotz Chris Timberlake BIRMINGHAM—MUMBAI Automating DevOps with GitLab CI/CD Pipelines Copyright © 2023 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. Group Product Manager: Mohd Riyan Publishing Product Manager: Surbhi Suman Senior Editors: Divya Vijayan and Athikho Sapuni Rishana Technical Editor: Nithik Cheruvakodan Copy Editor: Safis Editing Project Coordinator: Ashwin Kharwa Proofreader: Safis Editing Indexer: Rekha Nair Production Designer: Shankar Kalbhor Marketing Coordinator: Ankita Bhonsle Senior Marketing Coordinator: Marylou De Mello First published: February 2023 Production reference: 1310123 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-80323-300-0 www.packtpub.com To Marya DeVoto, for reminding me that words actually mean things. – Christopher Cowell To my parents, Tom and Deborah, for encouraging me to never stop asking “why?” – Nicholas Lotz Contributors About the authors Christopher Cowell was formerly a technical trainer at GitLab, and now builds educational content at Instabase. He also worked for 2 decades as a research scientist, consultant, and QA engineer at big and small software companies, including Accenture, Oracle, and Puppet. He thinks the software industry undervalues code quality and thoughtful design and overvalues delivering mediocre code quickly. Slow down, simplify, and get it right! He dreams of being able to play every Beatles song on guitar, but would settle for knowing just one really well. He holds a Ph.D. in philosophy from Berkeley and a B.A. in computer science from Harvard. He lives in Portland, Oregon, with his wife, his four kids, and the two best cats. Thank you to my family, for their unending patience whenever I disappeared into the basement to work on this book, which I did a lot. I especially hope I can repay my wife, Marya DeVoto, by being just as accommodating when she launches into writing her Space Rabbi series of novels. Soren, I owe you a ski trip. Kirin, consider yourself to have a lifetime pass for playing Ticket to Ride whenever you want. Thanks also to my wonderful parents, Nick and Priscilla, for giving me whatever minor skills or talent I may have at explaining things. Nicholas Lotz is a technical trainer at GitLab, where he teaches organizations how to use GitLab to build and ship better software. He previously worked as a systems engineer, trainer, and consultant in the software infrastructure space. He is passionate about open source and its capacity to help teams innovate. Nicholas holds a B.S. in chemical engineering from the University of Pittsburgh. He lives in Nashville, Tennessee, with his Labrador Retriever. Chris Timberlake is a senior solutions architect at GitLab, where he works closely with the product, services, and sales teams. Previously, he worked at Red Hat as a senior consultant and owned and managed a digital marketing firm, and he has a background in security and law enforcement. Chris loves technical engineering problems and does whatever possible to ensure successful customer outcomes. Chris is passionate about open source software, collaborative development, and education. He lives in Chattanooga, Tennessee, with his family. About the reviewers Jean-Philippe Baconnais has been a developer for more than 15 years. Initially focused on Java, he later learned new languages such as Go, as well as about frontend frameworks such as Vue.js and Angular. Curious by nature, he enjoys learning about and trying out new technologies, applying them, and sharing them, whether in his own company, Zenika, in communities as a speaker at conferences, or at local events in his home city of Nantes, France. As an open source developer, he has had the pleasure of participating in two open source communities and has been given the recognition of GitLab Hero and GitPod Community Hero. Philippe Charrière is a customer success engineer at GitLab (having worked there for the last 5 years). He started working in computer science in 1995 and has held positions as a developer, architect, project manager, manager, bid manager, customer success manager, solution engineer, strategic account leader, and customer success engineer. Today, his favorite subject is WebAssembly, particularly with Go, TinyGo, and Rust. Table of Contents Preface xv Part 1 Getting Started with DevOps, Git, and GitLab 1 Understanding Life Before DevOps 3 Introducing the Hats for Cats web app 4 Manual security testing summary 15 Building and verifying code manually 4 Packaging and deploying code Building code manually 4 manually 16 Verifying code manually 5 License compliance scanning 17 More challenges of verifying code 11 Deploying software 17 Security-testing code manually 12 Problems with manual software Static code analysis 12 development life cycle practices 18 Secret detection 13 Solving problems with DevOps 21 Dynamic analysis 14 How GitLab implements DevOps 22 Dependency scanning 14 Summary 23 Container scanning 15 2 Practicing Basic Git Commands 25 Technical requirements 26 Why Git is popular 30 Why use Git? 27 Drawbacks of Git 32 What is a version control system? 27 Committing code to keep it safe 33 What problems does a VCS solve? 28 Excluding files from a repository 37 viii Table of Contents Tagging commits to identify versions The “golden” repository 47 of code 39 Configuring remote repositories 48 Branching code for developing in an Pushing 51 isolated space 40 Fetching 51 Git commands for managing branches 43 Pulling 52 Handling merge conflicts 44 Additional resources for learning Git 53 Syncing local and remote copies of Summary 54 repositories 47 3 Understanding GitLab Components 55 Technical requirements 56 Labels 67 Emphasizing the “why” over Issue workflows 68 the “how” 56 Editing files safely with commits, Introducing the GitLab platform 57 branches, and merge requests 69 What is GitLab? 57 Commit history 73 What problem does GitLab solve? 57 Merging one Git branch into another 74 The verify, secure, and release stages 59 The three amigos – issues, branches, and merge requests 78 Organizing work into projects When two amigos are enough 79 and groups 60 How are issues and merge requests different? 79 Example – organizing your Hats for Cats work 63 Enabling DevOps practices with Tracking work with issues 64 GitLab flow 80 The structure of a GitLab issue 65 Summary 82 The kinds of tasks that issues can represent 67 4 Understanding GitLab’s CI/CD Pipeline Structure 85 Technical requirements 86 Viewing a list of pipelines 87 Defining the terms pipeline, CI – finding out if your code is good 89 CI, and CD 86 CD – finding out where your code should go (and putting it there) 90 Understanding what a pipeline is 86 GitLab Runners 93 Defining one pipeline per project 87 Understanding different uses of the term Parts of a pipeline – stages, jobs, and “pipeline” 87 commands 94 Table of Contents ix Stages 94 Other types of pipelines 100 Jobs 96 Skipping pipelines 101 Commands 97 Reading GitLab CI/CD pipeline Fitting the pipeline pieces together 98 statuses 102 Running GitLab CI/CD pipelines 98 Configuring GitLab CI/CD pipelines 103 Branch pipelines 98 Summary 107 Git tag pipelines 100 Part 2 Automating DevOps Stages with GitLab CI/CD Pipelines 5 Installing and Configuring GitLab Runners 111 Technical requirements 112 Each runner has a defined executor 118 Defining GitLab runners and their Runner tags restrict which runners can pick up which jobs 122 relationship to CI/CD 112 GitLab Runner is an open source application Installing the Runner agent 122 written in Go 112 Installing GitLab Runner 123 GitLab Runner runs CI/CD jobs specified in Registering a runner with GitLab 123 .gitlab-ci.yml 112 Considerations regarding the various The runner architecture and runner types and executors 129 supported platforms 113 Performance considerations 129 GitLab Runner is supported on most Security considerations 131 platforms and architectures 114 Monitoring considerations 132 Runners can be specific, group, or shared 115 Summary 135 6 Verifying Your Code 137 Technical requirements 138 Compiling Java with Maven 141 Building code in a CI/CD pipeline 138 Compiling C with Gnu Compiler Collection (GCC) 143 Compiling Java with javac 138 Storing built code as artifacts 145